Standards for Privacy of Individually Identifiable Health Information. Final Privacy Rule Preamble.. Section 164.526(e) - Actions on Notices of Amendment

12/28/2000

We proposed to require any covered entity that received a notification of amendment to have procedures in place to make the amendment in any of its designated record sets and to notify its business associates, if appropriate, of amendments.

We retain the proposed approach in the final rule. If a covered entity receives a notification of amended protected health information from another covered entity as described above, the covered entity must make the necessary amendment to protected health information in designated record sets it maintains. In addition, covered entities must require their business associates who receive such notifications to incorporate any necessary amendments to designated record sets maintained on the covered entity's behalf. (See § 164.504 regarding business associate requirements.)